Effective Date: October 30, 2019
We respect your privacy.
This policy, therefore, describes how we collect, process and hold your personal data if you visit our website, use our services or otherwise provide us with personal data.
We are Talisa US, LLC of 250 Greenwich St, New York, NY, 10007, USA. We are the sole data controller of your personal data.
This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at firstname.lastname@example.org or call us on (646) 846-1810.
Personal Data that We Collect
When you browse our website, subscribe to our newsletter, open an account on our website or purchase an item, we may collect, process, store and use personal data including your name, phone number, mobile number, physical address, email address and IP address together with payment information and browsing history. Personal data however does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.
You do not need to provide us with any personal data to browse through our website. However, we may still automatically collect certain information as described below.
When you contact us by email, we may keep a record of the correspondence and we may also record any telephone call we have with you.
In addition, if you choose to engage in social sharing, for example, by connecting your social media account (e.g., Facebook) to your customer account or by logging into your customer account from your social media account, the social media site may share information with us about your use of their services, including profile information, information about your contacts and content you have viewed or liked. Where applicable, please refer to the social media site’s privacy settings to control how your information is shared.
Data that We Automatically Collect
When you visit our website, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer.
The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.
Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our website. Persistent Cookies, on the other hand, commonly remain in the cookie file of your browser for longer periods depending on the lifetime of the specific cookie. When we use session cookies to track the total number of visitors to our Site, for example, this is done on an anonymous aggregate basis.
We also use Google Analytics to monitor how the website is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to the website, where visitors generally came from, how long they stayed on the website, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal data. If you do not agree to this use you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
It is necessary for our legitimate interests to use your personal data to send you marketing communications, which may include newsletters, blog posts, surveys and information about new products.
You can choose to no longer receive marketing communications by contacting us at email@example.com or clicking unsubscribe from a marketing email.
If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
Why We Process Personal Data
We will use your personal data in order to comply with our contractual obligations, to supply to you the products that you had purchased, including to contact you with any information relating to the shipment and delivery of the product to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have with respect to the same, if any.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.
Sharing Personal Data
We may share your personal data with our employees, service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including marketing services providers (e.g., Google Analytics and Facebook), payment and shipment providers, email communication providers (e.g., Mail-Chimp), IT service providers, accountants, auditors and lawyers.
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party’s rights, property or safety.
We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Legal Basis for Processing of Personal Data of EEA Residents
If you reside within the EEA, our processing of your personal data will be legitimized as follows:
Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
If the processing of your personal information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).
Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).
Your rights Under GDPR
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete or to limit or object to its processing. You also have the right at any time to require that we delete your personal data or transfer it to a third-party. To exercise these rights, or any other rights you may have under applicable laws, please contact us at firstname.lastname@example.org.
Please note, however, that we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
Additionally, such rights of rectification, objection, restriction, access, portability and deletion are subject to certain limitations, as provided for by applicable laws. Individual requests will be completed as soon as possible following their receipt and in any event within thirty (30) days from our confirmation of such receipt.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. For more information on the GDPR, please refer to:
Cross-border Transfer of Personal Data
We may share personal data with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal data, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal data. We will obtain your express consent, however, before using your personal data for any purposes other than performing the services for which you provided the personal data.
For EU and Swiss users only - Transferring your information outside the European Economic Area.
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”) and Switzerland. This may happen if any of our servers are from time to time located in a country outside of the EEA or Switzerland. These countries may not have similar data protection laws to the EEA or Switzerland.
In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on alternative legal bases such as the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks (described below), where applicable, or binding corporate rules where our affiliates, consultants or service providers have adopted such internal policies approved by European data protection authorities.
If you use our services while you are outside the EEA or Switzerland, your information may be transferred outside the EEA or Switzerland in order to provide you with those services.
Privacy Shield Principles and Framework
Talisa US LLC complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Talisa US LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the Data Privacy Framework (DPF), Talisa US, LLC is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. Pursuant to the Data Privacy Framework (DPF), EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Talisa US, LLC accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Talisa US, LLC remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Talisa US, LLC proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-US Data Privacy Framework Principles, Talisa US LLC commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact Talisa US, LLC by email at email@example.com or via post at:
Ariel Shavit at: Talisa US, LLC Data Protection Officer
250 Greewich Street Floor 38
New York, NY 10007
Talisa US, LLC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Notifications and Updates
Our website sends new registered users a welcoming email to verify password and username. After you register with our website and have provided consent to receiving marketing emails, we may send you on a regular basis via emails information on other services or products that we believe may be of interest to you. We give you the option at all times to unsubscribe from receiving these types of communications.
We may also send you notifications regarding updates to our website and our services only if you have provided consent to receiving updates about our opportunities, services and products. We may also communicate with you to provide requested services and with respect to issues relating to your account via email or phone.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given, or you have chosen a password, you are responsible for keeping this password confidential. You acknowledge, however, that no system can be completely secure. Therefore, although we take these steps to secure your personal data seriously, we do not and cannot promise that your personal data will always remain completely secure.
If you register with us, we shall retain your personal data until you close your account. If you receive marketing communications from us, we shall retain your personal data until you opt-out of receiving such communications.
If you have otherwise ordered or purchased an item from us or contacted us with a question or comment, we shall retain your personal data for 6 months following such contact to respond to any further queries you might have.
If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
The website and services are intended to be used by individuals over the age of 18. If we become aware that we have collected the personal data of an individual under 16, we will take steps to delete the information as soon as possible. Please immediately contact us by sending an email to firstname.lastname@example.org if you become aware that an individual under 16 has provided us with personal data.
This policy shall be governed by and construed in accordance with the law of New York, and you agree to submit to the exclusive jurisdiction of the New York's Courts.
We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our website after the time we state the changes will take effect, you will have accepted the changes.